Sabre: Cutting through Adversarial Noise with Adaptive Spectral Filtering and Input Reconstruction

Alec Diallo, Paul Patras

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

The adoption of neural networks (NNs) across critical sectors including transportation, medicine, communications infrastructure, etc. is inexorable. However, NNs remain highly susceptible to adversarial perturbations, whereby seemingly minimal or imperceptible changes to their inputs cause gross misclassifications, which questions their practical use. Although a growing body of work focuses on defending against such attacks, adversarial robustness remains an open challenge, especially as the effectiveness of existing solutions against increasingly sophisticated input manipulations comes at the cost of degrading ability to recognize benign samples, as we reveal. In this work we introduce SABRE, an adversarial defense framework that closes the gap between benign and robust accuracy in NN classification tasks, without sacrificing benign sample recognition performance. In particular, through spectral decomposition of the input and selective energy-based filtering, SABRE extracts robust features that serve in input reconstruction prior to feeding existing NN architectures. We demonstrate the performance of our approach across multiple domains, by evaluating it on image classification, network intrusion detection, and speech command recognition tasks, showing that SABRE not only outperforms existing defense mechanisms, but also behaves consistently with different neural architectures, data types, (un)known attacks, and adversarial perturbation strengths. Through these extensive experiments, we make the case for SABRE’s adoption in deploying robust and reliable neural classifiers.

Original languageEnglish
Title of host publication45th IEEE Symposium on Security and Privacy
PublisherIEEE
Pages1-18
Number of pages18
Publication statusAccepted/In press - 14 Aug 2023
Event45th IEEE Symposium on Security and Privacy - San Francisco, United States
Duration: 20 May 202423 May 2024
Conference number: 45
https://sp2024.ieee-security.org/

Conference

Conference45th IEEE Symposium on Security and Privacy
Abbreviated titleIEEE S&P 2024
Country/TerritoryUnited States
CitySan Francisco
Period20/05/2423/05/24
Internet address

Fingerprint

Dive into the research topics of 'Sabre: Cutting through Adversarial Noise with Adaptive Spectral Filtering and Input Reconstruction'. Together they form a unique fingerprint.

Cite this